Strange behaviour of dnssec-signzone
Mark Andrews
marka at isc.org
Wed Dec 15 11:22:45 UTC 2010
In message <c008a6086493ca91d9b6707551689fe5@[::1]>, Patrick Vande Walle writes
:
> Greetings,
>
> My zone file contains a TXT record for DKIM :
>
> sig-2010._domainkey IN TXT "v=DKIM1; r=postmaster; g=*; k=rsa;
> t=s; p=[deleted for shortness]"
>
> When I run: /usr/sbin/dnssec-signzone -u -3 5D2CA8 -C -g -p -o
> example.net. -e +7776000 -l dlv.isc.org zone.db K*.private 2>&1"
>
> It returns: "dnssec-signzone: fatal: failed loading zone from
> 'zone.db': ran out of space"
>
> If I delete the "g=*;" tag of the TXT record
>
> sig-2010._domainkey IN TXT "v=DKIM1; r=postmaster; k=rsa; t=s;
> p=[deleted for shortness]"
A string in a TXT record can only be 255 characters long though there
can be multiple strings. If you try to load a string longer than 255
characters you will get the error above.
RFC 4871 DomainKeys Identified Mail (DKIM) Signatures
Strings in a TXT RR MUST be concatenated together before use with no
intervening whitespace. TXT RRs MUST be unique for a particular
selector name; that is, if there are multiple records in an RRset,
the results are undefined.
> signing happens with no problem.
>
> I am wondering if others have seen this strange behaviour of
> dnssec-signzone (version 9.7.1-P2).
>
> Thanks,
>
> Patrick Vande Walle
>
> _______________________________________________
> bind-users mailing list
> bind-users at lists.isc.org
> https://lists.isc.org/mailman/listinfo/bind-users
--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: marka at isc.org
More information about the bind-users
mailing list